CVE-2002-0480

ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=101666833321138&w=2
http://marc.info/?l=bugtraq&m=101675086010051&w=2
http://marc.info/?l=bugtraq&m=101684141308876&w=2
http://www.securityfocus.com/bid/4331
http://marc.info/?l=bugtraq&m=101666833321138&w=2
http://marc.info/?l=bugtraq&m=101675086010051&w=2
http://marc.info/?l=bugtraq&m=101684141308876&w=2
http://www.securityfocus.com/bid/4331

Configurations

Configuration 1 (hide)

cpe:2.3:a:iss:realsecure_nokia:6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-08-12 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2002-0480

Mitre link : CVE-2002-0480

CVE.ORG link : CVE-2002-0480

JSON object : View

Products Affected

iss

realsecure_nokia

CWE

NVD-CWE-Other

{"id": "CVE-2002-0480", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=101666833321138&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=101675086010051&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=101684141308876&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/4331", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=101666833321138&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=101675086010051&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=101684141308876&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/4331", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user \"skank\" on a machine \"starscream\" to become a key manager when the \"first time connection\" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iss:realsecure_nokia:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DFE9D25-058F-4A43-BC35-F381F4D3306F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}